Before you install an app from Google Play, you can check the app's Data safety section. Developers use the Data safety section to share information about how their app handles your data. This way, you can make more informed decisions about what apps you use.
Find an app’s data safety information
- Open Google Play
.
- Browse or use the search bar to find an app.
- Tap an app.
- Under "Data safety," you’ll find a summary of the app’s data safety practices.
- For more detail, tap See details.
Tip: The info in the Data safety section only applies to apps distributed on Google Play. You’ll only find the Data safety section on Android 5 and up.
Understand & review app data safety practices
The Data safety section of an app listing lets developers describe how their apps collect, share, and handle different types of data. Developers explain their practices for:
- Data collection: Developers describe the types of user data their app collects, how they use this data, and whether the collection of this data is optional. Data is generally considered “collected” when the developer uses their app to retrieve data off your device.
- In some cases, developers do not need to disclose data as "collected" even if the data technically leaves your device (for example, when the data is only processed ephemerally). Learn more about these cases below.
- Data sharing: Developers describe if their app shares your data with third parties and what types of data are shared. Data is generally considered "shared" when it is accessed by the app and transferred to a third party.
- In some cases, developers do not need to disclose data as "shared" even if it's technically transferred to another party (for example, when you give your consent to transfer the data after the app explains how it will use the data, or when the data is shared with a developer’s service provider). Learn more about these cases below.
Developers use Google Play’s Data safety section to describe the sum of their app’s data collection and sharing across all versions of the app distributed on Google Play. An app’s data privacy and security practices may vary based on your use, region, and age. Developers may use the “About this app” section of an app’s Google Play listing, the privacy policy, or other documentation to share app version-specific information with their users.
Understand data collection & data sharing
Data collectionDevelopers do not need to disclose data accessed by an app as "collected" in the Data safety section if:
- An app accesses the data only on your device and it is not sent off your device. For example, if you provide an app permission to access your location, but it only uses that data to provide app functionality on your device and does not send it to its server, it does not need to disclose that data as collected.
- Your data is sent off the device but only processed ephemerally. This means the developer accesses and uses your data only when it is stored in memory, and retains the data for no longer than necessary to service a specific request. For example, if a weather app sends your location off your device to get the current weather at your location, but the app only uses your location data in memory and does not store the data for longer than necessary to provide the weather.
- Your data is sent using end-to-end encryption. This means the data is unreadable by anyone other than the sender and recipient. For example, if you send a message to a friend using a messaging app with end-to-end encryption, only you and your friend can read the message.
Sometimes apps may redirect you to a different service to complete a certain action. For example, an app may direct you to a payment service such as PayPal, Google Pay, or another similar service, to complete a purchase. In these cases, the app developer does not need to declare the data collected by the other service if:
- The app does not access this information, and
- You provide this information directly to the other service under that service’s privacy policy and terms of service.
In some cases, app developers do not need to declare data that is transferred to others as "shared" in the Data safety section. This includes when:
- The data is transferred to a third party based on a specific action that you initiate, where you reasonably expect the data to be shared. For example, when you send an email to or share a document with another person.
- The data transfer to a third party is prominently disclosed in the app, and the app requests your consent in a way that meets the requirements of Google Play’s User Data policy.
- The data is transferred to a service provider to process it on the developer’s behalf. For example, a developer may use a service provider to host data on their behalf and in compliance with the developer's instructions, contractual terms, privacy policies, and security standards.
- The data is transferred for specific legal purposes, such as in response to a government request.
- The data transferred is fully anonymized so it can no longer be associated with any individual.
Other information in the Data safety section
Security practicesDevelopers can describe certain security practices they use. This includes if their app:
- Encrypts data that it collects or shares while it’s in transit.
- Some apps are designed to let you transfer your data to another site or service. These apps may declare in their Data safety section that your data is transferred over a secure connection as long as they use best industry standards to safely encrypt your data while it travels between your device and the app’s servers. The sites or services that you choose to have your data transferred to may have different privacy and security practices. Review those practices independently to ensure that you are transferring your data to secure destinations. For example, a messaging app that declares that it encrypts your data in transit may give you an option to send an SMS message through your mobile services provider. You should review the data handling practices of your mobile services provider, as it may not be using encryption in transit to securely send SMS messages over its mobile network.
- Has been independently reviewed against a global security standard. This independent review validates the app’s security practices against a global standard. The third-party organizations performing the review are doing so on the developers' behalf. This review does not verify the accuracy and completeness of the developer’s Data safety section disclosure.
- Offers payments through Unified Payments Interface (UPI). UPI is an instant money transfer system. It was developed by the National Payments Corporation of India (NPCI), an RBI-regulated entity. Developers indicate that NPCI has verified and validated this app's implementation of UPI. This security practice is only available for app use in India.
The Data deletion section lets developers describe what ways they provide for you to remove your data in the app.
Some apps may offer you the ability to create an account. Apps that offer account creation must:
- Provide users with an in-app path to delete their app accounts and associated data.
- Provide a web link resource where users can request app account deletion and associated data deletion.
Some apps that offer account creation may also offer you the option to delete certain app data without deleting your entire account.
Other apps don’t offer account creation, but may provide a way for you to delete your associated data. To learn how to request the deletion of your data and how the developer responds to and handles data deletion requests:
Learn more about Google Play's account deletion requirement for apps.Learn more about the disclosures for account management data and system services.
Account management
Some apps let you create an account or add info to an account that the developer uses across its services. A developer might use the account data collected through the app for additional purposes across its services that are not specific to the app, such as fraud prevention or advertising. Developers may disclose this collection and use of account data across their services as "Account management." Developers must still declare all purposes for which the app itself uses the data. Review the app’s information, such as their privacy policy, to understand how a developer uses your account data across their services.
System services
System services are pre-installed software on some devices and cannot be uninstalled. They support device-specific features or functions. Developers of qualifying system services are not required to complete a Data safety section. You can review the developer’s site and privacy policy to learn more about their data safety practices.
Types of data & collection purposes covered in the Data safety section
The Data safety section explains the purpose for collecting and sharing specific types of data. Developers must use the same categories to explain these purposes so you can consistently compare multiple apps. The info should describe all versions and variations of the app.
Learn more about the data types and purposes included in the Data safety section.
| Category | Data type | Description |
|---|---|---|
| Location | Approximate location |
Yours or your device's physical location to an area greater than or equal to 3 square kilometers, such as the city you are in. |
| Precise location | Yours or your device's physical location within an area less than 3 square kilometers. | |
| Personal info | Name |
How you refer to yourself, such as your first or last name, or nickname. |
| Email address | Your email address. | |
| User IDs | Identifiers that relate to an identifiable person. For example, an account ID, account number, or account name. | |
| Address |
Your address, such as a mailing or home address. |
|
| Phone number | Your phone number. | |
| Race and ethnicity |
Information about your race or ethnicity. |
|
| Political or religious beliefs |
Information about your political or religious beliefs. |
|
| Sexual orientation |
Information about your sexual orientation. |
|
| Other info |
Any other personal information such as date of birth, gender identity, veteran status, etc. |
|
| Financial info | User payment info |
Information about your financial accounts, such as credit card number. |
| Purchase history |
Information about purchases or transactions you have made. |
|
| Credit score |
Information about your credit. For example, your credit history or credit score. |
|
| Other financial info |
Any other financial information, such as your salary or debts. |
|
| Health and fitness | Health info |
Information about your health, such as medical records or symptoms. |
| Fitness info |
Information about your fitness, such as exercise or other physical activity. |
|
| Messages | Emails |
Your emails, including the email subject line, sender, recipients, and the content of the email. |
| SMS or MMS |
Your text messages, including the sender, recipients, and the content of the message. |
|
| Other in-app messages |
Any other types of messages. For example, instant messages or chat content. |
|
| Photos and videos | Photos | Your photos. |
| Videos | Your videos. | |
| Audio files | Voice or sound recordings |
Your voice, such as a voicemail or a sound recording. |
| Music files |
Your music files. |
|
| Other audio files |
Any other audio files you created or provided. |
|
| Files and docs | Files and docs |
Your files or documents, or information about your files or documents, such as file names. |
| Calendar | Calendar events |
Information from your calendar, such as events, event notes, and attendees. |
| Contacts | Contacts |
Information about your contacts, such as contact names, message history, and social graph information like usernames, contact recency, contact frequency, interaction duration, and call history. |
| App activity | App interactions |
Information about how you interact with the app. For example, the number of times you visit a page or sections you tap on. |
| In-app search history | Information about what you have searched for in the app. | |
| Installed apps | Information about the apps installed on your device. | |
| Other user-generated content |
Any other content you generated that is not listed here, or in any other section. For example, bios, notes, or open-ended responses. |
|
| Other actions |
Any other activity or actions in-app not listed here, such as gameplay, likes, and dialog options. |
|
| Web browsing | Web browsing history |
Information about the websites you have visited. |
| App info and performance | Crash logs |
Crash data from the app. For example, the number of times the app has crashed on the device or other information directly related to a crash. |
| Diagnostics |
Information about the performance of the app on the device. For example, battery life, loading time, latency, framerate, or any technical diagnostics. |
|
| Other app performance data |
Any other app performance data not listed here. |
|
| Device or other IDs | Device or other IDs |
Identifiers that relate to an individual device, browser, or app. For example, an IMEI number, MAC address, Widevine Device ID, Firebase installation ID, or advertising identifier. |
| Data purposes | Description | Example |
|---|---|---|
| Account management | Used for the setup or management of your account with the developer. |
For example, to let you:
|
| Advertising or marketing | Used to display or target ads or marketing communications, or measuring ad performance. | For example, displaying ads in your app, sending push notifications to promote other products or services, or sharing data with advertising partners. |
| App functionality | Used for features that are available in the app. | For example, to enable app features, or authenticate you. |
| Analytics | Used to collect data about how you use the app or how it performs. | For example, to see how many users are using a particular feature, to monitor app health, to diagnose and fix bugs or crashes, or to make future performance improvements. |
| Developer communications |
Used to send news or notifications about the app or the developer. |
For example, sending a push notification to inform you about new features of the app or an important security update. |
| Fraud prevention, security, and compliance |
Used for fraud prevention, security, or compliance with laws. |
For example, monitoring failed login attempts to identify possible fraudulent activity. |
| Personalization |
Used to customize your app, such as showing recommended content or suggestions. |
For example, suggesting playlists based on your listening habits or delivering local news based on your location. |
Control app permissions & data collection
Understand app permissionsThe app permissions list shows what specific data or features that an app can access or to which it might request access. This list includes:
- Data or features required for the app to work, like mobile network access
- Data the app requests while you use it, like access to your camera
This list is based on technical information that describes how the developer’s app works. It’s different from the Data safety section, which is based on information declared by app developers about how they collect, share, and handle your data.
Sometimes, the information in the app permissions list may be different from what's in the Data safety section. Some of the possible reasons for this include:
- The app accesses data to process it on the device, but doesn’t collect or share it.
- The app collects data in a way that’s not managed by permissions.
- The service or data type in the permissions list isn’t covered in the Data safety section.
After you download an app, the app must ask for permission to access certain data. If an app collects data you don’t want to share, you can:
- Change your app permissions for a single app or by permission type in your phone's settings.
- Let your phone automatically remove permissions for unused apps.
- Delete apps to stop future data collection.
Tip: If you can’t request that your data be deleted from within the app, you can contact the developer to delete any data collected by the app. Learn how to contact an Android app's developer.
Google Play "Verified" badge for apps that handle sensitive user data
Important: The list of criteria isn’t exhaustive and doesn't fully represent all the criteria used to display the badge.
To highlight developers who are transparent about their security and user privacy practices in the Data safety section, Google Play introduces the "Verified" badge. When awarded, the new badge is prominently displayed on the app’s details page and in search results. Currently, this badge is only available for VPN apps. To be considered for the "Verified" badge, the app must meet certain criteria:
- Follow Play safety and security guidelines.
- Complete a Mobile Application Security Assessment (MASA) Level 2 validation.
- Publish on Google Play for at least 90 days.
- Achieve at least 10,000 installs and 250 reviews.
- Have an Organization developer account type.
- Meet target API level requirements for Google Play apps.
- Submit Data safety section declaration, which includes declaring or opting into:
- Independent security review
- Encryption in transit